If you care about cybersecurity, you have surely heard the term ‘software vulnerability.’ But it is easy to take this term for granted. That is why I decided to write this article to revisit the terminology behind software vulnerabilities and how they affect the cyber threat landscape.
What are vulnerabilities in software?
I assume that we are all familiar with the word vulnerability and its meaning. Without looking it up, I would say a software vulnerability is the result of a bug in the code that allows for unintended behavior.
Now, I will borrow from NIST, which gives this definition of a software vulnerability:
A security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source).
All right, this makes sense – so now we should know what makes software vulnerable. However, how does one exploit such a vulnerability, and what exactly is exploitation? We will learn this by traversing the Vulnerability Lifecycle. Note that we are not discussing the Vulnerability Management Lifecycle here.